SLIDE 1
SEC625 Group Presentation
By: Muhammad Abbas, Luis Magsumbol, Peter Yambao & Eric
SLIDE 2
Group Plan
■ Divided work ■ Decided Services (Implementation) ■ Calculation for VMs ■ Windows or Linux ■ Network Details
SLIDE 3
Group Plan
■ How to Divide networks ■ Clients (How many?) ■ Windows or Linux ■ Client Access ■ Security as one
SLIDE 4
Active Directory and DNS
■ Server 2008 R2 ■ Installed Microsoft Security Essentials ■ Updated the System ■ Updated Anti-Virus Definitions ■ Network Configuration (2 Networks)
SLIDE 5
Active Directory and DNS
■ Networks (Intranet and Internet) ■ Change Local Admin name ■ Installed AD DS role ■ Created OUs and Users ■ Group Policies ■ Downloaded Wireshark
SLIDE 6
Group Policies
■ Password Age (42 days) ■ Password Length (7 Characters) ■ Domain Wide ■ Hide last logged in User ■ Disable Command Prompt (Non-IT Departments)
SLIDE 7
DHCP and Mail Server
■ Server 2008 R2 ■ Installed Microsoft Security Essentials ■ Network Configuration (Intranet and Internet) ■ Changed Local Administrator name ■ Joined Server to AD domain
SLIDE 8
DHCP and Mail Server
■ DHCP leases different IPs ■ Mail configured only for internal use ■ Mail password different from AD ■ Passwords encrypted ■ Built-In Database
SLIDE 9
Apache Server
■ Updated Linux operating system to latest version ■ Disabled unneeded services – firewalld.service, irqbalance.service, abrtd.service, polkit.service, smartd.service, wpa_supplicant.service, atd.service ■ Installed Logwatch ■ Logging and monitoring of system activity using Logwatch and default log files
SLIDE 10
Apache Server
■ Installed latest version of Apache Package (httpd) ■ Added ‘ServerSignature Off’ and ‘ServerTokens Prod’ lines in config file – Hides operating system name and version from being shown by browser ■ Created index.html in Document Root – hides the listing of files in the directory, displayed by default
SLIDE 11
Apache Server
■ Installed mod_security module – (firewall for web applications, monitor traffic real-time, protect from brute-force attacks) ■ Configured self-signed SSL: – installed mod_ssl module – made directory storing private key accessible only by root user – SSL key and certificate command: ■ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
SLIDE 12
Apache Server (Specific Security)
■ Set up secure SSL parameters ■ Disabled info_module which can leak sensitive information using .htaccess
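An added example, not part of the original slides: a shell audit that checks a flat httpd.conf for the settings named on the Apache slides (ServerSignature, ServerTokens, info_module) and also flags an explicit `Options Indexes`, which an index.html file does not switch off. The function names and both sample configs are constructed for illustration; Include files and per-VirtualHost overrides are not followed.

```sh
#!/bin/sh
# Added example: audit a flat httpd.conf for the hardening settings from the
# Apache slides. Function names and sample configs are constructed.

# Print the last uncommented value of a directive (names are case-insensitive).
effective_value() {
    awk -v d="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(d) { v = tolower($2) }
        END { print v }' "$1"
}

# Print a space-separated list of findings; empty output means all checks pass.
audit_httpd_conf() {
    conf=$1
    findings=""
    # ServerSignature defaults to Off, so an absent directive passes.
    case "$(effective_value "$conf" ServerSignature)" in
        ""|off) ;;
        *) findings="$findings ServerSignature" ;;
    esac
    # ServerTokens defaults to Full, so it must be set explicitly.
    case "$(effective_value "$conf" ServerTokens)" in
        prod|productonly) ;;
        *) findings="$findings ServerTokens" ;;
    esac
    # info_module (mod_info) is loaded.
    if grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+info_module' "$conf"; then
        findings="$findings info_module"
    fi
    # Directory listing enabled explicitly, regardless of any index.html.
    if grep -Eiq '^[[:space:]]*Options[[:space:]]([^#]*[[:space:]])?\+?Indexes' "$conf"; then
        findings="$findings Indexes"
    fi
    echo "${findings# }"
}

tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
# constructed sample: settings the slides change
LoadModule info_module modules/mod_info.so
ServerSignature On
ServerTokens OS
Options Indexes FollowSymLinks
EOF
cat > "$tmp/hardened.conf" <<'EOF'
# constructed sample: settings from the slides
ServerSignature Off
ServerTokens Prod
#LoadModule info_module modules/mod_info.so
Options -Indexes +FollowSymLinks
EOF
echo "weak:     $(audit_httpd_conf "$tmp/weak.conf")"
echo "hardened: $(audit_httpd_conf "$tmp/hardened.conf")"
```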
SLIDE 13
Apache Server (Firewall)
■ Installed latest version of IPTABLES ■ Changed default policy to drop all traffic by default for all rules (rule of least privilege) ■ Only allow http port 80 and https port 443 traffic from within local network
SLIDE 14
Apache Server
■ Documented changes for future reference ■ Apache server installed on its own machine and separated from other services (zoning) ■ If I had more time: – More research and configured Mod Security module – Improved logging by configuring mod_log_config module – Did more research and adjusted the timeout, maxclients, keepalivetimeout, limitrequestfields, and limitrequestfieldsize directives to protect against DDoS
SLIDE 15
Client
■ Windows 7 was what the group chose to use, but the official website would redirect me to Windows 10 instead ■ Windows update took several hours because I ended up downloading Windows 7 from some other site and it was not updated ■ Getting our VM was problematic because I used VMware to install my client and the group used VirtualBox ■ When I installed my client I chose the default split virtual disk, which made it very hard to import into VirtualBox
SLIDE 16
Client
■ Client defenses are for blocking attacks that pass the perimeter or come from the internal network ■ Things I have done to harden our clients include – Using local policies to limit and separate the standard user/admin account – Installing/configuring antivirus software – Configuring the firewall to only allow services the group wants – Disabling what is not being used ■ While all of these will provide a screen against attacks at best, the point is to make it a little harder for attackers
SLIDE 17
Samba
■ Initial Security Configurations – Update, Turn off unneeded services ■ Network Security – Firewall rules ■ Host Security – File Permissions, logwatch, strong user passwords ■ Application Security – Configuration file
SLIDE 18
Firewall Server
■ Applying the rule of least privilege ■ Deny everything unless a rule matches ■ Configure logging to notice anomalies ■ Specify state, source, and destination addresses/ports for more focused firewall rules – iptables -I (chain) -s IP address -d IP address --sport ## --dport ## -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
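An added example, not part of the original slides: the default-drop policy from the Apache firewall slide and the conntrack rule template above, written out as a dry-run script that prints the iptables commands instead of applying them. The LAN range and the `IPT` switch are assumptions; `-p tcp` is included because `--sport`/`--dport` are only valid together with a protocol match.

```sh
#!/bin/sh
# Added example: default-drop INPUT/FORWARD policy with state-aware allow
# rules for HTTP/HTTPS from the local network only.
# LAN and the IPT dry-run switch are assumptions made for this example.
IPT=${IPT:-echo iptables}      # dry run by default; IPT=iptables applies (root)
LAN=${LAN:-192.168.10.0/24}    # constructed example network

apply_web_rules() {
    # Default policy: drop anything no rule accepts (least privilege).
    # OUTPUT is left at its existing policy in this example.
    # Apply from the console: there is deliberately no SSH rule.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -F INPUT
    # Loopback, and replies belonging to connections already accepted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Packets conntrack cannot tie to a valid connection.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # New web connections, LAN sources only.
    for port in 80 443; do
        $IPT -A INPUT -p tcp -s "$LAN" --dport "$port" \
             -m conntrack --ctstate NEW -j ACCEPT
    done
    # Rate-limited log of traffic about to fall through to the DROP policy,
    # so anomalies show up in the kernel log.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
}

apply_web_rules
```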
SLIDE 19